NP Privacy Partner
Children’s Privacy & COPPA
Advertising and Marketing
Mobile Technology & Websites
Corporate & Board Governance
Enforcement & Litigation
Health Care & HIPAA
ABOUT NIXON PEABODY
Education Department’s Dear Colleague Letter addresses privacy concerns relating to Title IV third-party servicers
On August 18, the United States Department of Education (“Department”) issued a
Dear Colleague Letter
addressing issues that arise when an educational institution participating in Title IV programs uses a third-party servicer. The DCL delineates a non-exhaustive list of commonly provided third-party services, such as managing and administering Title IV funds. The DCL stresses several important privacy considerations that should not be overlooked in educational institutions’ arrangements with third-party servicers.
Educational institutions must ensure that their third-party servicer contracts ensure the servicers’ compliance with all applicable laws. Institutions are subject to the information security requirements established by the Federal Trade Commission for financial institutions. Accordingly, institutions must take reasonable steps to select and retain service providers that are capable of maintaining information security safeguards and must require service providers by contract to implement appropriate security protocols. Also, the institution must require the third-party servicer to comply with the Family Educational Rights and Privacy Act (“FERPA”) regarding the receipt and use of provided education records.
FERPA allows educational institutions to disclose personally identifiable information (“PII”) from a student’s education record to a third-party servicer, without consent, with respect to financial aid for which the student has applied or which the student has received. Such disclosure of PII must be for the purposes of determining eligibility for the aid, determining the amount of the aid, determining the conditions of the aid or enforcing the terms and conditions of the aid. FERPA imposes recordation requirements as part of such sharing of information, including the parties who received the PII from the education records and the legitimate interests justifying the sharing of the information.
PII provided to a third-party servicer should be limited to only the extent necessary for the servicer to perform the Title IV function(s) or service(s) as part of the contractual relationship with the educational institution. Servicers are prohibited from using PII for any purpose other than the contracted services with the institution. The Department has the right to initiate an administrative action against the educational institution and/or its third-party servicer for any FERPA violation.
Posted at 9:51 AM by Richard, Steven | Category:
Email this Post
Check Effective Permissions
There are no comments yet for this post.
Check Effective Permissions
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights.
More information on content approval.
indicates a required field
Statement of Client Rights
This website contains attorney advertising. Prior results do not guarantee a similar outcome. © 2018 Nixon Peabody LLP